Everything in Spyhunt but with a better save feature and written (poorly) in rust!
This release is very unstable, I doubt it works.

Spyhunt is comprehensive network scanning and vulnerability assessment tool. This tool is designed for security professionals and penetration testers to perform comprehensive reconnaissance and vulnerability assessment on target networks and web applications. It combines multiple scanning techniques and integrates various external tools to provide a wide range of information about the target.
For the original project : spyhunt

1. It imports various libraries for network operations, web scraping, and parallel processing.

2. The script defines a colorful banner and sets up command-line argument parsing for different scanning options.

3. It includes multiple scanning functions for different purposes:

   • Subdomain enumeration
   • Technology detection
   • DNS record scanning
   • Web crawling and URL extraction
   • Favicon hash calculation
   • Host header injection testing
   • Security header analysis
   • Network vulnerability analysis
   • Wayback machine URL retrieval
   • JavaScript file discovery
   • Broken link checking
   • HTTP request smuggling detection
   • IP address extraction
   • Domain information gathering
   • API endpoint fuzzing
   • Shodan integration for additional recon
   • 403 Forbidden bypass attempts
   • Directory and file brute-forcing
   • Local File Inclusion (LFI) scanning with Nuclei
   • Google dorking
   • Directory Traversal
   • SQL Injection
   • XSS
   • Subdomain Takeover
   • Web Server Detection
   • JavaScript file scanning for sensitive info
   • Auto Recon
   • Port Scanning
   • CIDR Notation Scanning
   • Custom Headers
   • API Fuzzing
   • AWS S3 Bucket Enumeration
   • JSON Web Token Scanning

git clone /~https://github.com/punixcorn/spyhuntrs
cd spyhuntrs
cargo install --path .  # to build & install, make cargo/bin is in path
git clone /~https://github.com/punixcorn/spyhuntrs-deps ~/.spyhuntrs-deps # for needed files

Put this in your ~/.bashrc or ~/.zshrc

export PATH="$PATH:$HOME/.cargo/bin/"

Scan for subdomains and save the output to a file.

 spyhuntrs -s yahoo.com --save filename.txt

Scan for subdomains but also extract subdomains from shodan

 spyhuntrs -s yahoo.com --shodan yahoo.com --shodan_api API_KEY --save filename.txt

Scan for javascript files

 spyhuntrs -j yahoo.com --save jsfiles.txt

Scan for dns records

 spyhuntrs -d domains.txt

Scan for FavIcon hashes

 spyhuntrs --fi domain.com

Web Crawler

 spyhuntrs --wc https://www.domain.com

Broken Links

 spyhuntrs -b https://www.domain.com

Cors Misconfiguration Scan

 spyhuntrs --co domains.txt

Host Header Injection

 spyhuntrs --hh domains.txt

Host Header Injection With proxy

 spyhuntrs --hh domains.txt --proxy http://proxy.com:8080

Directory Brute Forcing

 spyhuntrs --directorybrute domain.com --wordlist list.txt  //-e php,txt,html -x 404,403

Directory Brute Forcing with no extensions

 spyhuntrs --directorybrute domain.com --wordlist list.txt // -x 404,403

Scanning a subnet

 spyhuntrs --cidr_notation IP/24 --ports 80,443

Directory Traversal

 spyhuntrs --ph domain.com?id=

sql injection

 spyhuntrs --sqli domain.com?id=1

xss

 spyhuntrs --xss domain.com?id=1

JavaScript file scanning for sensitive info

 spyhuntrs --javascript domain.com

Javascript endpoint fuzzing

 spyhuntrs --javascript_endpoint domains.txt  --save filename.txt

Modify the headers of the request

 spyhuntrs -ch domain.com

Parameter bruteforcing

 spyhuntrs -pf domain.com

Open Redirect

 spyhuntrs -or domain.com -v -c 50

Haveibeenpwned [NOT INCLUDED YET]

 spyhuntrs -hibp password

Subdomain Takeover [NOT INCLUDED YET]

 spyhuntrs -st domains.txt --save vuln_subs.txt -c 50

Auto Recon [NOT INCLUDED YET]

 spyhuntrs -ar domain.com

JSON Web Token [NOT INCLUDED YET]

 spyhuntrs -jwt Token

JSON Web Token Modification [NOT INCLUDED YET]

 spyhuntrs -jwt-modify Token

AWS S3 Bucket Enumeration [NOT INCLUDED YET]

 spyhuntrs --s3-scan bucket.com

Heap Dump Analysis [NOT INCLUDED YET]

 spyhuntrs --heapdump heapdump_file

Sprint Boot Actuator Scan [NOT INCLUDED YET]

 spyhuntrs --heapds domains.txt

• Tests [not Completed]
• [] better error handling (for requests)
• [] Documentation
• rename files meh, it works
• [] better error handling for tests capture
• Make Readme Image
• Install Script (thinking about just using his .py script and running it)

• cli handling

functions in the file [ WORKING 45/52 ]

• update won't do it
• save/s
• reverseip
• reverseipmulti
• webcrawler
• statuscode
• favicon
• enumratedomain
• faviconmulti
• corsmisconfig
• hostheaderinjection
• securityheaders
• networkanalyzer
• waybackurls
• javascript
• dns
• probe
• redirects
• brokenlinks
• tech
• ip addresses
• domain info
• important subdomains
• not found
• paramspider
• pathhunt
• nmap
• api fuzzer
• shodan
• forbiddenpass
• directorybrute
• nuclei lfi
• google
• cidr notation
• print all ips
• xss scan
• sqli scan
• webserver scan
• javascript scan
• javascript enpoints
• param miner
• custom headers
• open redirect
• automoussystemnumber
• have i been pwned Non trusted Website
• auto recon Just gonna do a bunch of funtions
• [] subdomain takeover

• [] smuggler
• [] jwt scan
• [] jwt modify
• [] s3 scan
• [] heapdump
• [] heapdump scan

• copy all script

• copy all payloads

• user_agents.py
  • fetching useragents from website
  • saving all kinds of files
  • pathhunter
• [] heapdump_scan.py
• [] heap_dump.py
• favicon.py
• [] jwt_analyzer.py
• [] letslog.py
• [] ss3sec.py
• [] ssl_sec.py
• [] sub_ouput.py

• [] smuggler
• [] whatwaf
• assetfinder??? ( It's a mac os copy for macos)
• [] f5bigip_scanner.py
• pathhunt.py

Using 2 tokio::spawn and rayon::par_iter

• tokio::spawn : runs the async function in tasks
• rayon::per_iter : makes the async, sync with blocking and runs parallelism on it

• tokio - faster by approx 40%, but is slower on poor internet by approx >=50% and fails sometimes.
• rayon - slower but consistent.

λ cookedpotato [~/spyhuntrs/src] → for i in $(ls); do ; ../target/debug/spyhunt --statuscode test | grep TIME; echo "=======================" ; done